Topic "FTP Account Access Details Hijacked"

stakemaster

Joined: 2011-11-12
Posts: 4
It may just be a coincidence, but since I installed version 4.3.5 of WinSCP my cPanel access details have been hijacked and my email accounts have been used for spamming. HostGator support said:
Quote:
From our experience with malware of this nature, the user account passwords are compromised through viruses/malware located on your local computer. This malware sniffs out passwords used and stored by FTP programs or e-mail clients.

Aren't WinSCP access details secure? I am doing a full virus/malware check but after 8 hours nothing has been found yet. What are the likely culprits for this kind of attack? Could it be a server-side issue? Support changed my access details in the morning but by early evening it had been hijacked again.

Please advise.
NonaSuomy

Joined: 2011-11-10
Posts: 6
SQL injection and cross-site scripting attacks; most of the time it's poor programming on the web coders' side.
stakemaster

Joined: 2011-11-12
Posts: 4
NonaSuomy wrote:
SQL injection and cross-site scripting attacks; most of the time it's poor programming on the web coders' side.

Thanks for the reply.

My cPanel password is being changed by someone other than me. Can SQL injection/cross site scripting be used to do this?
NonaSuomy

Joined: 2011-11-10
Posts: 6
Sure, anything is plausible. Also, the site you are using cPanel on could have an older version with exploitable holes in it if the webadmin has yet to update the code or enable harder security on it. A lot of websites don't even hash and salt their passwords in the database where they are stored, so the passwords can be seen in plain text or decrypted with easy-to-find pentesting tools. Also, you yourself could have picked an insecure password that was easily brute-forced, or maybe a former employee knew the password, etc., or even a misguided web form you thought was yours that you were logging into but that was instead a phishing attack.

There are so many variables; you are never safe no matter what you do, just do your best.

Quick google search brought up this: http://forums.cpanel.net/f185/mod_security-sql-injection-189551.html

For more information on the terms mentioned above, check out the articles below.

http://en.wikipedia.org/wiki/Sql_injection

http://en.wikipedia.org/wiki/Salt_(cryptography)

http://en.wikipedia.org/wiki/Password_cracking

http://en.wikipedia.org/wiki/Phishing

http://en.wikipedia.org/wiki/Cross_site_scripting

Good luck!
stakemaster

Joined: 2011-11-12
Posts: 4
Absolutely brilliant response, NonaSuomy, I really appreciate you taking the time to explain it and provide the links.

Cheers & thanks.
martin
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
stakemaster wrote:
Aren't WinSCP access details secure?

Please read http://winscp.net/eng/docs/security_credentials
Particularly the section "Storing password".
_________________
Martin Prikryl
consistency

Joined: 2008-08-16
Posts: 51
Location: Austria
Also keep in mind that a standard FTP server does not use encryption, so every time you enter your username and your password, they are sent unencrypted over the net; quite easy to sniff.

Also, if you connect to your control panel without SSL, like http://www.mycontrolpanel.com, all the data you send and receive is unencrypted. Always try to connect via SSL, like https://www.mycontrolpanel.com; then all data is encrypted.

Another security hole is email: nearly every provider sends you the welcome email. "Hello new customer, your panel can be found under https://www.panel.com, your username is: foo, your password is: bar."
The email is unencrypted, so everyone who sniffs/gets/accesses the mail can log in to your panel.

After receiving a password via mail you should immediately log in and change the password.

There are a lot more cases where someone can get your password, but I think you get the point, haven't you?
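To make the plain-FTP point above concrete from a monitoring angle, here is an added example (not code from the thread or from WinSCP) that walks the commands of an FTP control-channel session and flags any USER/PASS sent before the session was upgraded with AUTH TLS (explicit FTPS). The sessions are constructed for the demo; in practice the lines would come from a proxy or capture log, and the password value is never stored or printed, only its presence is reported.

```python
"""Added example: audit FTP control-channel commands for cleartext logins.

Assumptions (not from the thread): the command lines are already split per
session, and an AUTH TLS/SSL command was accepted by the server, so every
command after it travels inside TLS. Server replies are not modelled.
"""

# Constructed sample sessions (client commands only).
SAMPLE_SESSIONS = {
    "plain_ftp": ["USER alice", "PASS s3cret", "PWD"],
    "explicit_ftps": ["AUTH TLS", "PBSZ 0", "PROT P", "USER alice", "PASS s3cret"],
    "tls_too_late": ["USER alice", "PASS s3cret", "AUTH TLS"],
}

# Arguments to AUTH that start a TLS handshake on the control channel.
TLS_AUTH_ARGS = {"TLS", "SSL", "TLS-C", "TLS-P"}


def audit_ftp_session(commands):
    """Return a list of findings, one per credential command sent in the clear."""
    findings = []
    encrypted = False
    for idx, line in enumerate(commands, start=1):
        parts = line.strip().split(None, 1)
        if not parts:
            continue
        verb = parts[0].upper()
        arg = parts[1] if len(parts) > 1 else ""
        if verb == "AUTH" and arg.upper() in TLS_AUTH_ARGS:
            encrypted = True          # everything after this point is inside TLS
        elif verb in ("USER", "PASS") and not encrypted:
            # Report the username (useful for triage) but never the password.
            shown = arg if verb == "USER" else "<redacted>"
            findings.append(f"line {idx}: {verb} {shown} sent before AUTH TLS")
    return findings


def audit_all(sessions):
    """Audit every session; returns {session_name: [findings]}."""
    return {name: audit_ftp_session(cmds) for name, cmds in sessions.items()}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_SESSIONS).items():
        print(f"{name}: {'OK' if not findings else 'CLEARTEXT CREDENTIALS'}")
        for finding in findings:
            print("  " + finding)
```

Using SFTP or explicit FTPS in the client (both of which WinSCP supports) makes the "plain_ftp" and "tls_too_late" cases disappear, which is the practical takeaway of the post above.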
stakemaster

Joined: 2011-11-12
Posts: 4
More good info, many thanks.